Sign-up

ID

VAR-201612-0365


CVE

CVE-2016-9203


TITLE

Cisco ASR 5000 Series software Internet Key Exchange Version 2 In function ipsecmgr Process reload vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-006316

DESCRIPTION

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process. More Information: CSCvb38398. Known Affected Releases: 20.2.3 20.2.3.65026. Known Fixed Releases: 21.1.M0.65431 21.1.PP0.65733 21.1.R0.65467 21.1.R0.65496 21.1.VC0.65434 21.1.VC0.65489 21.2.A0.65437. Vendors have confirmed this vulnerability Bug ID CSCvb38398 It is released as.By a remote attacker, ipsecmgr The process may be reloaded. Cisco ASR5000 Series Software is a 5000 series wireless controller product from Cisco. The attacker exploited this vulnerability to send a specially crafted IKEv2 packet causing the ipsecmgr process to crash. An attacker can exploit this issue to restart the affected process, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCvb38398

Trust: 2.52

sources: NVD: CVE-2016-9203 // JVNDB: JVNDB-2016-006316 // CNVD: CNVD-2016-12775 // BID: 94790 // VULHUB: VHN-98023

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-12775

AFFECTED PRODUCTS

vendor:ciscomodel:asr 5000 series softwarescope:eqversion:20.0.2.3.65026

Trust: 1.6

vendor:ciscomodel:asr series softwarescope:eqversion:50000

Trust: 0.9

vendor:ciscomodel:asr 5000 series softwarescope:eqversion:20.2.3

Trust: 0.8

vendor:ciscomodel:asr 5000 series softwarescope:eqversion:20.2.3.65026

Trust: 0.8

sources: CNVD: CNVD-2016-12775 // BID: 94790 // JVNDB: JVNDB-2016-006316 // CNNVD: CNNVD-201612-272 // NVD: CVE-2016-9203

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-9203
value: HIGH

Trust: 1.0

NVD: CVE-2016-9203
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-12775
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201612-272
value: MEDIUM

Trust: 0.6

VULHUB: VHN-98023
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-9203
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-12775
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-98023
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-9203
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-12775 // VULHUB: VHN-98023 // JVNDB: JVNDB-2016-006316 // CNNVD: CNNVD-201612-272 // NVD: CVE-2016-9203

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-98023 // JVNDB: JVNDB-2016-006316 // NVD: CVE-2016-9203

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-272

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201612-272

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-006316

PATCH
title:cisco-sa-20161207-asr1url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr1
Trust: 0.8
title:Patch for Cisco ASR5000Series Denial of Service Vulnerability (CNVD-2016-12775)url:https://www.cnvd.org.cn/patchInfo/show/86373
Trust: 0.6
title:Cisco ASR 5000 Series Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66312
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-12775 // 
            
            
            
            JVNDB: JVNDB-2016-006316 // 
            
            
            
            CNNVD: CNNVD-201612-272

EXTERNAL IDS
db:NVDid:CVE-2016-9203
Trust: 3.4
db:BIDid:94790
Trust: 2.6
db:SECTRACKid:1037413
Trust: 1.1
db:JVNDBid:JVNDB-2016-006316
Trust: 0.8
db:CNNVDid:CNNVD-201612-272
Trust: 0.7
db:CNVDid:CNVD-2016-12775
Trust: 0.6
db:VULHUBid:VHN-98023
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-12775 // 
            
            
            
            VULHUB: VHN-98023 // 
            
            
            
            BID: 94790 // 
            
            
            
            JVNDB: JVNDB-2016-006316 // 
            
            
            
            CNNVD: CNNVD-201612-272 // 
            
            
            
            NVD: CVE-2016-9203

REFERENCES
url:http://www.securityfocus.com/bid/94790
Trust: 2.3
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161207-asr1
Trust: 2.0
url:http://www.securitytracker.com/id/1037413
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9203
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9203
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-12775 // 
            
            
            
            VULHUB: VHN-98023 // 
            
            
            
            BID: 94790 // 
            
            
            
            JVNDB: JVNDB-2016-006316 // 
            
            
            
            CNNVD: CNNVD-201612-272 // 
            
            
            
            NVD: CVE-2016-9203

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 94790 // 
            
            
            
            CNNVD: CNNVD-201612-272

SOURCES
db:CNVDid:CNVD-2016-12775
db:VULHUBid:VHN-98023
db:BIDid:94790
db:JVNDBid:JVNDB-2016-006316
db:CNNVDid:CNNVD-201612-272
db:NVDid:CVE-2016-9203

LAST UPDATE DATE
2024-11-23T22:49:12.956000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-12775date:2016-12-22T00:00:00
db:VULHUBid:VHN-98023date:2016-12-22T00:00:00
db:BIDid:94790date:2016-12-20T00:08:00
db:JVNDBid:JVNDB-2016-006316date:2016-12-21T00:00:00
db:CNNVDid:CNNVD-201612-272date:2016-12-13T00:00:00
db:NVDid:CVE-2016-9203date:2024-11-21T03:00:47.647

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-12775date:2016-12-21T00:00:00
db:VULHUBid:VHN-98023date:2016-12-14T00:00:00
db:BIDid:94790date:2016-12-07T00:00:00
db:JVNDBid:JVNDB-2016-006316date:2016-12-21T00:00:00
db:CNNVDid:CNNVD-201612-272date:2016-12-12T00:00:00
db:NVDid:CVE-2016-9203date:2016-12-14T00:59:23.943